net/chrony: update to 4.1

ChangeLog:
https://chrony.tuxfamily.org/news.html#_13_may_2021_chrony_4_1_released

net/chrony: enable MS-SNTP authentication (SIGND)
PR:		254859
Reported by:	Andrej Ebert

all: Remove all other $FreeBSD keywords.

Remove # $FreeBSD$ from Makefiles.

net/chrony: Preparations for a new slave port

PR:		252584
Submitted by:	myself
Approved by:	mandree@

net/chrony: update to 4.0 release

Changelog: https://git.tuxfamily.org/chrony/chrony.git/tree/NEWS?id=4.0#n1

Update options (unfortunately the crypto stuff is a bit contorted
with NSS <-> Nettle incompatibilities and NTS requiring GnuTLS and Nettle).

net/chrony: security update to 3.5.1

This upstream update essentially contains one Git commit:
https://git.tuxfamily.org/chrony/chrony.git/commit/?h=3.5-stable&id=f00fed20092b6a42283f29c6ee1f58244d74b545

It is to fix a symlink vulnerability when writing the pidfile.

Changelog:
https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2020/08/msg00000.html

MFH:		2020Q2 (blanket: upstream has one specific git commit between 3.5 and
3.5.1)
Security:	CVE-2020-14367
Security:	719f06af-e45e-11ea-95a1-c3b8167b8026

Bump PORTREVISION for security/nettle shlib change

net/chrony: option to use system ntpd user/group

USER_DESC was reworded to make purpose clearer.

While here, shuffle things a bit to appease portclippy.

PR:		246293
Submitted by:	olivier@

net/chrony: fix regression, remove pidfile= from rc.d script

chrony handles its own pidfile, and still our status method works,
so avoid missing chrony's own lock management.

PR:		245399
Reported by:	Peter Putzer

net/chrony: take maintainership, repeated timeouts from yonas@fizk.net

net/chrony: make NETTLE build robust, improve rc script, re-enable NSS

Changes by Colin T.:
* Always require pkgconfig instead of only requiring it for NSS,
  because otherwise chrony does not link reliably to nettle. [1]
* Add pidfile to rc.d script to stop it from complaining when
  stopping chronyd. [1]
* Document chronyd_* options in rc.d script. [1]

Changes by Matthias Andree:
* Move USES line up to please portlint.
* Add HTMLDOCS option, to build and install HTML docs. IMPLIES DOCS.
  Needs textproc/asciidoctor (rubygem) as build requisite.
* Turn CRYPTLIB into a _RADIO to choose at most one from NSS + NETTLE.
* Under WITH_DEBUG, add --enable-debug to CONFIGURE_ARGS.
* Remove @ (silent) from Makefile commands.
* Remove NSS_BROKEN, chrony 3.5 appears to work with NSS. Updates [3].

PR:		244534 [1]
PR:		242510 [2]
PR:		223840 [3]
Submitted by:	Colin T. <bugzilla@nulldir.e4ward.com> [1]
Reported by:	Matt Smith <freebsd@xtaz.uk> [2]
Approved by:	maintainer timeout (yonas@fizk.net, 36 days)

Drop the ipv6 virtual category for n* category as it is not relevant anymore

net/chrony: Update to 3.5

PR:		239596
Submitted by:	Colin T. <bugzilla@nulldir.e4ward.com>
Approved by:	maintainer timeout (yonas@fizk.net, >1 month)

Update security/nettle to 3.5.1

- Bump PORTREVISION of dependent ports for shlib change
- Fix build of devel/pijul [1]

Changes:	https://git.lysator.liu.se/nettle/nettle/blob/master/NEWS
PR:		238991
Exp-run by:	antoine
Thanks to:	tobik [1]

net/chrony: Fix chrony running as server and using bindaddress

On FreeBSD, sendmsg() fails when IP_SENDSRCADDR specifies a source
address on a socket that is bound to the address. This prevents a server
configured with the bindaddress directive from responding to clients.

Add a new variable to check whether the server IPv4 socket is not bound
before setting the source address.

PR:		233644
Submitted by:	Colin T <bugzilla@nulldir.e4ward.com>
Reported by:	ddrinnon@cdor.net
Approved by:	maintainer timeout (> 3 weeks)
Obtained
from:	https://git.tuxfamily.org/chrony/chrony.git/commit/?id=6af39d63aa9323b4b8c39efe24ae0c88c949a901

net/chrony: Update to 3.4

PR:		232823
Submitted by:	Colin T. <bugzilla@nulldir.e4ward.com>
Approved by:	maintainer timeout (yonas@fizk.net, >3 weeks)

Remove redundant DOCS, NLS, EXAMPLES, and IPV6 from OPTIONS_DEFAULT as they
are put there by the framework (see line 200 of Mk/bsd.options.mk), except
for `finance/quantlib' which makes very unorthodoxal usage of port options.

net/chrony: Update to 3.3

- Add explicit DOCS, EXAMPLES options
- Replace %%PREFIX%% in sample files
- Make sure chronyc is really linked with libedit from ports
- Add support for security/nettle and use it by default since chrony crashes
  on startup when built with NSS. [1]

PR:		227779, 223840 [1]
Submitted by:	takefu@airport.fm
Approved by:	maintainer

Add missing lib dependency in the original patch
Bump PORTREVISION

PR:		217691
Submitted by:	John Hein  <z7dr6ut7gs@snkmail.com>
Approved by:	Yonas Yanfa <yonas@fizk.net>

Makes the NSS dependency explicit, and perform cleanup
Bump PORTREVISION

Before this patch if nss is installed when crony is built, there's a silent lib
dependency on nss, and if nss is subsequently uninstalled chrony breaks.

NSS is now turned on by default adding support for a number of more modern
hashing algorithms than md5.

Cleanup:
 - --infodir is not a valid configure option (since 2.3 I think)
 - USES=localbase instead of LDFLAGS
 - add explicit --without-tomcrypt [1]
 - add support for passing chronyd_flags to chronyd in rc.d script
 - fix some hard-coded /usr/local in examples

PR:		217691
Submitted by:	John Hein <z7dr6ut7gs@snkmail.com>
Approved by:	Yonas Yanfa <yonas@fizk.net> (maintainer)

net/chrony: Remove dubious security warnings in pkg-message

PR:		223647
MFH:		2017Q4

- Update to 3.1

PR:		217573
Submitted by:	yonas@fizk.net(maintainer)

Update net/chrony: enable privilege separation and other minor changes.

- enables privilege separation
- removes the build dependency on asciidoctor
- removes the runtime dependency on makeinfo and readline
- add a runtime dependency on libedit
- do not install the HTML documentation (in favour of man pages)
- update the post-install message (pkg-message) in light of privilege separation
- set the permission of /var/db/chrony to the new "chronyd" user and group

PR:		216737
Submitted by:	maintainer
Approved by:	mat (mentor)
Differential Revision:	https://reviews.freebsd.org/D9570

Mark various ports broken on aarch64 and armv6.

Approved by:	portmgr (tier-2 blanket)

- Update to 3.0
- While here, add LICENSE_FILE and remove unneeded @dir

PR:		216184
Submitted by:	yonas@fizk.net (maintainer)

Do not use post-stage.  Use post-install instead.

The only reason to use post-stage is because the port needs to do
"things" at a later time, like some plist manipulation.
While there, fold post-install in do-install targets when they are
defined.

PR:		214780
Submitted by:	mat
Exp-run by:	antoine
Sponsored by:	Absolight

net/chrony: update 2.4 -> 2.4.1

PR:		214749
Submitted by:	Yonas Yanfa <yonas@fizk.net> (maintainer)

net/chrony: 2.3 -> 2.4

Changes:
  http://chrony.tuxfamily.org/news.html

PR:		210190
Submitted by:	Yonas Yanfa <yonas@fizk.net> (maintainer)

- Remove ONLY_FOR_ARCHS restriction as chronyd(8) runs fine on PowerPC now
- Remove no-op OPTIONS_DEFAULT=IPV6, which was bogusly re-added in r416385
  by pi@ after it was previously removed by amdmi3@ in r416447
- Sanitize `post-stage' target recipe (still needs more work to decouple
  extra docs and examples properly and add them to OPTIONS_DEFINE)

Tested on:	Mac mini G4 (powerpc)

net/chrony: 2.2 -> 2.3

- submitter becomes maintainer after repeated maintainer timeouts

Enhancements
- Add support for NTP and command response rate limiting
- Add support for dropping root privileges on Mac OS X, FreeBSD, Solaris
- Add require and trust options for source selection
- Enable logchange by default (1 second threshold)
- Set RTC on Mac OS X with rtcsync directive
- Allow binding to NTP port after dropping root privileges on NetBSD
- Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port is disabled
- Resolve names in separate process when seccomp filter is enabled
- Replace old records in client log when memory limit is reached
- Don't reveal local time and synchronisation state in client packets

Remove NLS, DOCS, EXAMPLES and IPV6 from OPTIONS_DEFAULT, they are enabled by
default anyway and don't need to be listed

Approved by:	portmgr blanket

Update to upstream version 2.2; general cleanup

Detailed log by submitter:
- Update net/chrony to latest upstream version - 2.2
- install info
- point to /var/db instead of /var/lib (per hier(7))
- use doc/install-docs target; install more docs (PORTDOCS)
- use @sample to a sample .conf file (not for .keys which will require
  manual intervention); others in examples dir (use PORTEXAMPLES)
- rm old post-install target
- fix example files for freebsd/prefix paths & ntp server names, add
  info regarding how to do log rotation if logging turned on.

PR:		204817
Submitted by:	z7dr6ut7gs@snkmail.com
Approved by:	maintainer timeout

net/chrony: prefix fix, remove setuid-root mode

PR:		204018
Submitted by:	John Hein <z7dr6ut7gs@snkmail.com>
Reviewed by:	koobs
Approved by:	masaki@club.kyutech.ac.jp (maintainer timeout)

net/chrony: 1.31 -> 1.31.1

- Update to 1.31.1 to resolve CVE-2015-1799, CVE-2015-1821, and CVE-2015-1822
- Regenerate patches with `make makepatch` to quiet portlint
- Strip binaries

PR:		199508
Submitted by:	Jason Unovitch <jason.unovitch@gmail.com>
Approved by:	masaki@club.kyutech.ac.jp (maintainer timeout)

net/chrony: add CPE info

PR:		199513
Submitted by:	jbeich
Approved by:	portmgr blanket

- Update to 1.31 [1]

While here:

- Add makeinfo and readline uses
- Fix plist orphans

PR:		194079 [1]
Submitted by:	Kevin Thompson <antiduh at csh.rit.edu>
Approved by:	maintainer timeout

Some minor, non-functional wording and grammar nits.

Add a port of system clock synchronization client and server (chrony).

WWW: http://chrony.tuxfamily.org/

PR:	ports/174263